Enterprising hackers from Blind Eagle attacked South America’s institutions in a rather interesting way

BlackBerry Research Group reported on February 27 that the hacker group known as Blind Eagle, or APT-C-36, recently managed to impersonate the state tax agency of Colombia and Ecuador in order to steal information from government, financial and many other institutions in these countries.

Blind Eagle was previously covered by Check Point, which reported that the group had developed a “more advanced set of tools” for distributing phishing emails. Malicious links in these emails ultimately led victims to install a remote access trojan (RAT), which gives the hackers access to infected computers.

Researchers believe that the Blind Eagle group has been operating since at least 2018 and is physically based in South America, although there is no specific evidence of this.

In the malicious campaign studied by BlackBerry, the phishing emails came with fake PDF files that looked as if they came from the Colombian National Tax Directorate. “The letter that we analyzed says that the recipient is ‘45 days of debt’ for taxes on taxes. The addressee is invited to click the link to view their account, which is supplied in the form of a PDF file,” BlackBerry said.

The Blind Eagle campaigns exposed by Check Point were oriented more towards gaining access to financial institutions. One of the related PDF files was designed to look like a document from the Department of Migration of the Ministry of Foreign Affairs of Colombia, and another used the logo of the Internal Revenue Service of Ecuador.

“Blind Eagle is clearly more interested in cybercrime and monetary benefit than in espionage,” Check Point said, while BlackBerry experts take the opposite view. They think that the group's latest campaign was aimed precisely at the “theft of information and espionage.”

We are unlikely to have heard the last of the Blind Eagle group. The attackers' true motives will probably be revealed later.

/Media reports cited above.